package com.imooc.security;

import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;

import com.imooc.security.core.authorize.AuthorizeConfigProvider;
import com.imooc.security.core.properties.SecurityConstants;

/**
 * 7.3.12 Demo模块相关的访问权限配置 只有demo模块才知道有这个配置
 * AuthorizeConfigManager会把所有的provider都装载起来
 */
@Component
// 7.4.8 确保rbac配置在最后生效
@Order(Integer.MAX_VALUE)
public class DemoAuthorizeConfigProvider implements AuthorizeConfigProvider{

	/**
	 * 7.3.13 demo模块的专属权限配置
	 */
	@Override
	public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
		config.antMatchers(SecurityConstants.DEFAULT_USER_RIGIST_URL,
				SecurityConstants.DEFAULT_SOCIAL_USER_INFO_URL).permitAll();
		
		/*.antMatchers("/user").hasRole("ADMIN")
		//.antMatchers(HttpMethod.GET,"/user/*").hasRole("ADMIN")
		//.antMatchers(HttpMethod.GET,"/user/*").hasAuthority("user")
		.antMatchers(HttpMethod.GET,"/user/*").access("xxxxxx")
		
		// 7.3.14 网页授权
		.antMatchers("/demo.html").hasRole("TEST");*/
		
		// 7.4.6 自定义授权表达式，处理rbac请求
		config.anyRequest().access("@rbacService.hasPermission(request, authentication)");
	}

}
